CVE-2026-33146

Name of the Vulnerable Software and Affected Versions Docmost versions 0.70.0 through 0.70.2

Description An authorization bypass in this open-source collaborative wiki and documentation software exposes restricted child page titles and text snippets. This occurs through the public search endpoint ''/api/search/share-search'' for publicly shared content, allowing unauthenticated users to enumerate and retrieve content that should be hidden from public share viewers, resulting in a confidentiality breach.

Recommendations Update to version 0.70.3.